According to The Life and Times of Cybersecurity Professionals Volume VI (2023), the cybersecurity skills shortage continues unabated, leaving a majority of organizations with an ever-growing gap in the cybersecurity skills needed to reduce their cyber-risk from the latest threats. As the void widens, cybersecurity professionals bear the brunt: More than half find their jobs harder than two years ago, with many facing ongoing internal issues and new external challenges from an increase in cybersecurity complexity to a surge in cyber-attacks against an expanding attack surface. Chronic understaffing remains a major contributor to these issues and associated ramifications, with roughly one out of five professionals having even considered making a career switch, mainly out of frustration with what they perceive as organizational neglect and the sheer stress of their jobs.
Insight
-
-
Research Objectives
- Assess the career progression of cybersecurity professionals.
- Determine whether cybersecurity professionals are satisfied with their careers and current jobs.
- Measure the impact of the global cybersecurity skills shortage and uncover what organizations are doing in response.
- Monitor cybersecurity leadership stat
-
Research Objectives
Organizations across industries improve their productivity, innovation, and customer service with an increase in web, mobile, and cloud applications leveraging microservices architectures. But this brings an increase in APIs connecting application components and resources. Organizations rate APIs as the element in the cloud-native stack most susceptible to attack, and attacks stemming from insecure APIs were the most commonly identified cybersecurity incident tied to cloud-native app development over the last 12 months. As the number of APIs continues to grow, security risk increases.
As a result, organizations need effective API security solutions to reduce risk as cloud-native development scales and help their teams discover, manage, configure, monitor, and protect their APIs to keep pace with modern software development. To gain further insight into these trends, TechTarget’s Enterprise Strategy Group surveyed 397 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing API security solutions.
This study sought to answer the following questions:
- Approximately what percentage of public-facing web applications are based on a microservices, cloud-native architecture today? How is this expected to change, if at all, over the next 24 months?
- How frequently do organizations’ developers (and/or DevOps teams) deliver new software builds to production? How is this expected this change, if at all, over the next 6 to 12 months?
- What security challenges do organizations face with the faster development cycles of CI/CD?
- What is the average number of APIs per application? What proportion of cloud-native applications use APIs today? How is that expected to change, if at all, over the next 24 months?
- Have organizations experienced a security incident related to insecure APIs in the last 12 months? What type of security incident(s) did organizations suffer as a result of insecure APIs?
- What are the biggest challenges organizations have faced with API security? What types of API vulnerabilities are of greatest concern?
- How long does it typically take for organizations to remediate an API vulnerability? How do organizations ensure APIs do not expose sensitive data?
- How would organizations describe the collective level of understanding their development teams have of security risks for APIs?
- Do organizations provide formal API security training to their development teams?
- When new APIs are published, when does the team responsible for securing them become involved?
- What is the source from which API security is funded, or will likely be funded? Do organizations expect to increase their spending on API security technologies, services, and personnel over the next 12-18 months?
- What do organizations expect to increase their API security spending on the most over the next 12-18 months?
- What actions do organizations expect to take over the next 12-18 months to implement or optimize their web application and API protection strategies?
Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.
-
Research Objectives
The broad adoption of public cloud services and containers as sources and repositories of business-critical data puts the onus on data owners to deliver on data protection SLAs for cloud-resident and container-based applications and data. Users are confused about the data protection levels that public cloud and Kubernetes environments deliver and about the changing protection options (DIY in the cloud, cloud-native third-party solutions, hyperscalers’ built-in features, as-a-service, etc.). As vendors and the cloud ecosystem evolve and add as-a-service consumption options, end-users are making incorrect comparisons and assumptions as well as failing to select the key data protection capabilities they need to maximize their cloud technology investments. This confusion leads to lasting challenges, and the market is now at a crossroads.
To assess the state of cloud-based data protection and the as-a-service market (e.g., in cloud/to the cloud, BaaS, and DRaaS), TechTarget’s Enterprise Strategy Group (ESG) surveyed 397 IT professionals in North America (US and Canada) familiar with and/or responsible for data protection technology decisions for their organization, specifically around data protection and production technologies that may leverage cloud services as part of the solution. This study sought to answer the following questions:
- How do organizations define backup-as-a-service (BaaS) and disaster recovery-as-a-service (DRaaS)?
- What is the adoption status of BaaS, DRaaS, and cloud backup/disaster recovery targets?
- What groups/roles within organizations are involved with the evaluation of and influence the purchase of public cloud-based data protection solutions? Which group/role typically makes the final purchase decision?
- How many times in the last 12 months have organizations had to recover data from on-premises and/or public cloud environments? What percentage was recovered on average in those cases?
- What were the reasons for data recovery efforts in the last 12 months?
- Would organizations consider a public cloud-based data protection solution that includes an on-premises cache or storage for local recovery to improve data recovery SLAs (e.g., RPO)?
- What approaches currently protect applications/workloads/data in public cloud infrastructure services?
- What types of data protection technologies are used in these approaches, and which assets are protected?
- How is critical public cloud-based unstructured data protected, and what are acceptable recovery times?
- What is the impact on teams of the daily management and maintenance of public cloud data?
- How many full-time staff are allotted for data protection objectives associated with cloud data?
- What methods do organizations use to protect data within virtual machines on public cloud infrastructure?
- What are organizations’ preferred approach to protecting multiple unique public CSP environments?
- How do organizations estimate the costs of their cloud backups and recoveries for hyperscalers?
- What approaches do organizations take to ensure cost-efficient data tiering for the data protection storage supporting their public cloud infrastructure-resident applications?
- Does organizations’ backup software handle the appropriate tiering of data written to object storage?
- How important is it to have a container backup and recovery management solution that works across multiple disparate public cloud infrastructure services going forward?
- Do organizations’ container backup schemas integrate with their current data protection environment?
Survey participants represented a wide range of industries, including financial, manufacturing, retail/wholesale, and healthcare, among others. For more details, please see the Research Methodology and Respondent Demographics sections of this report.
-
Application developers are challenged with efficiently creating innovative solutions while managing time constraints, which can be mitigated by the transformative impacts of generative artificial intelligence (AI) streamlining code generation and accelerating development processes. Organizations have integrated generative AI (GenAI) into their operational setup to accelerate code creation, refine code structures, elevate code quality, and deliver personalized customer experiences. By harnessing GenAI, application developers tackle issues by capitalizing on the technology’s ability to automate tasks, drive creativity, and deliver innovative solutions.
-
With modern IT environments comprising distributed applications across private data centers, public clouds, and edge locations, plus support for hybrid employees working outside of traditional office settings, networking professionals have plenty of choices to make as they ensure critical connectivity for their businesses. Recent research by TechTarget’s Enterprise Strategy Group revealed some interesting findings when it comes to these decisions makers’ preferences for cloud-based network management versus on-premises-based strategies.
-
In networking, a digital twin is a virtual representation of an organization’s actual network environment that IT teams can use as a virtual test bed to assist in planning changes or upgrades to the environment. TechTarget’s Enterprise Strategy Group recently looked into how familiar organizations are with these solutions, how important they are perceived to be, and what current levels of interest are in terms of applying digital twin technology to the networking space.
-
Organizations seeking digital transformation increasingly use cloud-native applications as their vehicle, which typically entails orienting their development and deployment environments toward cloud infrastructure. Indeed, Enterprise Strategy Group research showed an increase in year-over-year spending on cloud-native architectures, with microservices increasingly preferred over traditional multi-tier deployment methods. IT leaders should continue building on their existing collaboration with DevOps and other application development professionals to move closer to the ultimate goal of consistently deploying fully portable applications across multiple clouds.
-
Many organizations recognize that a digital transformation of the business is possible only with a robust, cloud-native application development and deployment strategy. But sometimes their readiness assessment is unrealistic, and actual maturity levels vary widely. To succeed in this transformative journey, organizations must fully develop their cloud-native strategies, assess how well they are currently positioned, and determine whether they have the right tools, people, and technologies to meet their cloud-native deployment goals.
-
Research Objectives
The need for observability in IT operations management is driven by the desire for organizations to reduce downtime, increase operational security, and improve customer, digital, and employee experiences. This is important because software, in many cases, contributes directly to an organization’s bottom line. In IT operations management, the addition of distributed and multi-cloud, cloud-native development and architectures as well as the increasing importance of security mean that the infrastructure is much more complex and significantly more dynamic. For software developers and DevOps teams, understanding the behavior of their code in production and integrated development environments empowers them to troubleshoot and deliver better-performing code and applications in less time. Against this backdrop, IT and DevOps teams are embracing observability and, to a lesser extent, AIOps to help them instrument and monitor their infrastructure and applications.
To determine the current state of observability and AIOps in modern organizations, Enterprise Strategy Group surveyed 374 IT and DevOps/AppDev professionals in North America (US and Canada) responsible for evaluating, purchasing, building, and managing application infrastructure in their organization.
This study sought to answer the following questions:
- What percentage of organizations are using full-stack observability today? How many plan to implement?
- To what extent are organizations deploying observability across their environments?
- How many observability tools do organizations use to collect data from their environments?
- To what extent is observability tool sprawl adding complexity to environments?
- What third-party observability or monitoring tools are in use? Which are most valued by organizations?
- What are the most important organizational priorities for observability?
- What are the most impactful benefits delivered by observability and monitoring strategies?
- What are the biggest challenges or concerns when it comes to deploying observability solutions?
- What are the biggest challenges or concerns in using and supporting observability solutions?
- How are organizations planning to address challenges relating to observability data growth?
- What do organizations consider to be the most important observability tools currently in use?
- Which teams are making the final decisions around which observability tools are used?
- How confident are teams in the observability tools they are using across all stages of the application lifecycle (e.g., build, release, and operate)?
- What are the plans to invest in additional tools and services to support monitoring and observability strategies? Which tools or services are organizations targeting?
- What is the current and future adoption landscape for AIOps?
- Among organizations using AIOps, what benefits are delivered and how impactful are they?
- How important is AIOps in terms of overall observability strategies and future related plans?
- What are the barriers to AIOps adoption?
Survey participants represented a wide range of industries, including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.
-
For organizations on a digital transformation journey, sound data governance practices must play a strategic role. As the amount of data and value of that data to the business continue to increase, so too does the importance of managing its availability, usability, integrity, and security.
Learn more about these trends with the infographic, The Strategic and Evolving Role of Data Governance.
-
As more workers collaborate virtually, many organizations now depend on additional digital communication tools beyond email. Unfortunately, these new collaboration tools provide attackers the opportunity to engage with humans and evade automated cybersecurity controls.
Learn more about these trends with the infographic, Challenges in Securing an Overabundance of Communication and Collaboration Tools.